TRON-36 - trx recovery tests

twtaylorbitgo · perrybitgo · commit 8f8775b5d86e · 2019-11-19T15:41:01.000-08:00
diff --git a/modules/core/src/v2/coins/trx.ts b/modules/core/src/v2/coins/trx.ts
@@ -341,15 +341,15 @@ export class Trx extends BaseCoin {
    * @param callback
    * @returns {BigNumber} address balance
    */
-  getAccountBalanceFromNode(address: string, callback?: NodeCallback<any>): Bluebird<any> {
+  getAccountFromNode(address: string, callback?: NodeCallback<any>): Bluebird<any> {
     const self = this;
     return co(function*() {
       const result = yield self.recoveryPost({
         path: '/walletsolidity/getaccount',
         jsonObj: { address },
         node: NodeTypes.Solidity,
       });
-      return result.balance;
+      return result;
     })
       .call(this)
       .asCallback(callback);
@@ -381,6 +381,26 @@ export class Trx extends BaseCoin {
       .asCallback(callback);
   }
 
+  /**
+   * Throws an error if any keys in the ownerKeys collection don't match the keys array we pass
+   * @param ownerKeys
+   * @param keysToFind
+   */
+  checkPermissions(ownerKeys: { address: string; weight: number }[], keys: string[]) {
+    keys = keys.map(k => k.toUpperCase());
+
+    ownerKeys.map(key => {
+      const hexKey = key.address.toUpperCase();
+      if (!keys.includes(hexKey)) {
+        throw new Error(`pub address ${hexKey} not found in account`);
+      }
+
+      if (key.weight !== 1) {
+        throw new Error('owner permission is invalid for this structure');
+      }
+    });
+  }
+
   /**
    * Builds a funds recovery transaction without BitGo.
    * We need to do three queries during this:
@@ -400,30 +420,34 @@ export class Trx extends BaseCoin {
       const keys = yield self.initiateRecovery(params);
 
       // we need to decode our bitgoKey to a base58 address
-      const bitgoAddress = self.compressedPubToHexAddress(self.xpubToCompressedPub(params.bitgoKey));
+      const bitgoHexAddr = self.compressedPubToHexAddress(self.xpubToCompressedPub(params.bitgoKey));
       const recoveryAddressHex = bitgoAccountLib.Trx.Utils.getHexAddressFromBase58Address(params.recoveryDestination);
 
       // call the node to get our account balance
-      const recoveryAmount = yield self.getAccountBalanceFromNode(bitgoAddress);
+      const account = yield self.getAccountFromNode(bitgoHexAddr);
+      const recoveryAmount = account.balance;
 
       const userXPub = keys[0].neutered().toBase58();
       const userXPrv = keys[0].toBase58();
       const backupXPub = keys[1].neutered().toBase58();
 
-      const userPrv = self.xprvToCompressedPrv(userXPrv);
-      const userHexAddr = self.compressedPubToHexAddress(self.xpubToCompressedPub(userXPub));
-      const backupHexAddr = self.compressedPubToHexAddress(self.xpubToCompressedPub(backupXPub));
-
       // construct the tx -
       // there's an assumption here being made about fees: for a wallet that hasn't been used in awhile, the implication is
       // it has maximum bandwidth. thus, a recovery should cost the minimum amount (1e6 sun or 1 Tron)
       if (1e6 > recoveryAmount) {
         throw new Error('Amount of funds to recover wouldnt be able to fund a send');
       }
       const recoveryAmountMinusFees = recoveryAmount - 1e6;
-      const buildTx = yield self.getBuildTransaction(recoveryAddressHex, bitgoAddress, recoveryAmountMinusFees);
+      const buildTx = yield self.getBuildTransaction(recoveryAddressHex, bitgoHexAddr, recoveryAmountMinusFees);
 
-      // TODO: some checks here about pubs being valid, for this wallet, etc. from build transaction
+      // run a check to ensure this is a valid tx
+      const keyHexAddresses = [
+        self.compressedPubToHexAddress(self.xpubToCompressedPub(userXPub)),
+        self.compressedPubToHexAddress(self.xpubToCompressedPub(backupXPub)),
+        bitgoHexAddr,
+      ];
+      self.checkPermissions(account.owner_permission.keys, keyHexAddresses);
+      self.checkPermissions(account.active_permission[0].keys, keyHexAddresses);
 
       // construct our tx
       const txBuilder = new bitgoAccountLib.TransactionBuilder({ coinName: this.getChain() });
@@ -434,6 +458,8 @@ export class Trx extends BaseCoin {
         return txBuilder.build().toJson();
       }
 
+      const userPrv = self.xprvToCompressedPrv(userXPrv);
+
       txBuilder.sign({ key: userPrv });
 
       // krs recoveries don't get signed
diff --git a/modules/core/test/v2/unit/recovery.ts b/modules/core/test/v2/unit/recovery.ts
@@ -566,7 +566,7 @@ describe('Recovery:', function() {
       recoveryNocks.nockTronRecovery();
     });
 
-    it('should generate TRON recovery tx from user and backup keys', co(function *() {
+    it('should generate recovery tx from encrypted user and backup keys', co(function *() {
       const recoveryTx = yield baseCoin.recover({
         userKey: '{"iv":"QPX3xtGROshqHW8kGPAYCw==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"LJ4YYCyClRE=","ct":"hlJH8lWk/FaciymG8UsscxVFCnOduLRjoWxaK8xU7TjsqUDXsQjj0BpH7aNm64p6ldueaGoU2/VfrrzX9lWrcVmXspFp2oON5EyK45JbI13hirqG2dkOqoT8G8mrMydMp6zG5iOA+EtXRy69kYDCI1Re6mR7k1c="}',
         backupKey: '{"iv":"xbOCFaZVnrQLAYKcgMvdNw==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"86cZ+hT+S0Y=","ct":"RH7Uks/JjNARX9wuIw6r4Map2C9FtLlWYk4zjLcrjzkBuNTCUNQgxF7kU5/SWzD+tomVBj6P9CLkXYzPlR1NhVi+aT9mTW6LK9nJ+ErpLKXzbIAxBLezDjJ5xqUS5cGkjoHCtANL7qTZcDBvOfejLDrUjQdw2WQ="}',
@@ -583,12 +583,33 @@ describe('Recovery:', function() {
       recoveryTx.raw_data_hex.should.equal('0a023ffb2208c1647593403d263b40b8b2e6fce72d5a69080112650a2d747970652e676f6f676c65617069732e636f6d2f70726f746f636f6c2e5472616e73666572436f6e747261637412340a15414d0941161d0f7e1da0c8989b1566c9d9b43e1226121541f3a3d6d514e7d43fbbf632a687acd65aafb8a50c18c0cdd6ac03709deae2fce72d');
     }));
 
-    it('should generate TRON recovery tx with unencrypted keys', co(function *() {
+    it('should generate recovery tx with unencrypted keys', co(function *() {
+      const recoveryTx = yield baseCoin.recover({
+        userKey: 'xpub661MyMwAqRbcEvKZzdcvuU1nesKjFz8Gh8P1gTsowTCkGCByHRu1JsZwZYPJV6mUT3s3pQYxUtDU3JjkNruSGDK3kZUpgXqTfDAY6664a2H',
+        backupKey: 'xpub661MyMwAqRbcF2zqeVjGdDJgEoZMFi5Vksfk3DtD9v4sBraTdgTzV3rTifJGWWudUxswBza3RotmQGxDCVKLNcRh7nW8ECB3BNSU6Xx91fL',
+        bitgoKey: 'xpub661MyMwAqRbcFcaxCPsEyhj79VUuVVThWinZnjhvAPnFLB1SBp7Yk4gvqWsGE3MHdw1tPRLnHRRQLNcrKqaCyBnFK5XTrZUrLyY94LXn4v9',
+        recoveryDestination: 'TYBTURKpanKxnx91uyfvvtztNeHE3EQf6G',
+      });
 
+      should.exist(recoveryTx);
+
+      recoveryTx.txID.should.equal('55d76a068b97933a98e5d02e6fecd4c2971f1d37f0bb850a919b17def906a239');
+      recoveryTx.raw_data_hex.should.equal('0a023ffb2208c1647593403d263b40b8b2e6fce72d5a69080112650a2d747970652e676f6f676c65617069732e636f6d2f70726f746f636f6c2e5472616e73666572436f6e747261637412340a15414d0941161d0f7e1da0c8989b1566c9d9b43e1226121541f3a3d6d514e7d43fbbf632a687acd65aafb8a50c18c0cdd6ac03709deae2fce72d');
     }));
 
-    it('should generate an TRON unsigned sweep', co(function *() {
+    it('should generate an unsigned sweep', co(function *() {
+      const recoveryTx = yield baseCoin.recover({
+        userKey: '{"iv":"QPX3xtGROshqHW8kGPAYCw==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"LJ4YYCyClRE=","ct":"hlJH8lWk/FaciymG8UsscxVFCnOduLRjoWxaK8xU7TjsqUDXsQjj0BpH7aNm64p6ldueaGoU2/VfrrzX9lWrcVmXspFp2oON5EyK45JbI13hirqG2dkOqoT8G8mrMydMp6zG5iOA+EtXRy69kYDCI1Re6mR7k1c="}',
+        backupKey: 'xpub661MyMwAqRbcF2zqeVjGdDJgEoZMFi5Vksfk3DtD9v4sBraTdgTzV3rTifJGWWudUxswBza3RotmQGxDCVKLNcRh7nW8ECB3BNSU6Xx91fL',
+        bitgoKey: 'xpub661MyMwAqRbcFcaxCPsEyhj79VUuVVThWinZnjhvAPnFLB1SBp7Yk4gvqWsGE3MHdw1tPRLnHRRQLNcrKqaCyBnFK5XTrZUrLyY94LXn4v9',
+        walletPassphrase: TestBitGo.V2.TEST_RECOVERY_PASSCODE,
+        recoveryDestination: 'TYBTURKpanKxnx91uyfvvtztNeHE3EQf6G',
+      });
+
+      should.exist(recoveryTx);
 
+      recoveryTx.txID.should.equal('55d76a068b97933a98e5d02e6fecd4c2971f1d37f0bb850a919b17def906a239');
+      recoveryTx.raw_data_hex.should.equal('0a023ffb2208c1647593403d263b40b8b2e6fce72d5a69080112650a2d747970652e676f6f676c65617069732e636f6d2f70726f746f636f6c2e5472616e73666572436f6e747261637412340a15414d0941161d0f7e1da0c8989b1566c9d9b43e1226121541f3a3d6d514e7d43fbbf632a687acd65aafb8a50c18c0cdd6ac03709deae2fce72d');
     }));
   });
 
